
Recently I was fortunate enough to design and build an enterprise-level distributed installation of the vRealize Automation suite of products and integrate it into an enterprise environment. I’ve done several vRA/vCAC deployments before, but each time I do a new deployment I like to collate information, read all the latest articles and make sure that what worked for me in the past hasn’t changed or, more likely, has been enhanced, so I can provide an even better deployment.

For those unsure of what an enterprise distributed deployment comprises, I have added a logical diagram below.

My current deployment was based on vRealize Automation 6.1 because it was part of an EMC Hybrid Cloud deployment, but the architecture and layout are exactly the same for 6.2. (Note: this design was defined after collecting customer requirements based on the amount of workloads, NSX load balancing and the requirement for application services, so make sure you have reasons for your design decisions.)

Resources

For the resources I used, some are ones I used in the past to learn how to do an enterprise deployment and some are ones I re-read prior to this deployment. I have listed them below to save me looking for them again but also to maybe help other people:

The first place anyone should start is the vRA documentation centre which has a large portion of the vRA documentation you will need to have read and at some points follow along with to do your deployment.

One challenge when deploying an enterprise-level deployment of vRA is that you should, at a minimum, use internally signed certificates. For vRA, if you are changing the certificate on one of the components then you need to change all of them, or else you will have a plethora of problems (I have spent countless hours in the past helping companies who have tried their own PoC, have only changed a few certificates and then deployed workloads that they now want to keep). For this portion I like to follow Eiad Al-Aqqad’s resources, as to me they seem really straightforward and have worked really well in the past.

NB: When importing the certificate into the appliances, remember to remove the bag attributes at the beginning of the PEM file, so that it starts at -----BEGIN CERTIFICATE----- and runs until -----END CERTIFICATE-----
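The clean-up described in the note above, as an added example that is not from the original post: a small shell filter that keeps only the certificate blocks of an exported PEM bundle, so bag attributes, subject/issuer lines and any private key never reach the appliance's certificate field. The function names and the sample bundle are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Sample data below is constructed;
# the base64 bodies are placeholders, not real certificates or keys.

# extract_certs FILE: print only the CERTIFICATE blocks, dropping bag/key
# attributes, subject=/issuer= lines, private keys and trailing CR/whitespace.
extract_certs() {
    awk '
        /^-----BEGIN CERTIFICATE-----[ \t\r]*$/ { inside = 1 }
        inside { sub(/[ \t\r]+$/, ""); print }
        /^-----END CERTIFICATE-----[ \t\r]*$/   { inside = 0 }
    ' "$1"
}

# count_certs FILE: number of certificate blocks that survive the filter.
count_certs() {
    extract_certs "$1" | grep -c '^-----BEGIN CERTIFICATE-----$' || true
}

# write_sample FILE: constructed bundle shaped like a PKCS#12-to-PEM export.
write_sample() {
    cat > "$1" <<'EOF'
Bag Attributes
    localKeyID: 01 00 00 00
    friendlyName: vra-constructed-sample
subject=/CN=vra.example.test
issuer=/CN=Example Test Issuing CA
-----BEGIN CERTIFICATE-----
UExBQ0VIT0xERVItTEVBRi1CT0RZ
-----END CERTIFICATE-----
Bag Attributes: <No Attributes>
subject=/CN=Example Test Issuing CA
issuer=/CN=Example Test Root CA
-----BEGIN CERTIFICATE-----
UExBQ0VIT0xERVItQ0EtQk9EWQ==
-----END CERTIFICATE-----
Bag Attributes
    localKeyID: 01 00 00 00
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
UExBQ0VIT0xERVItS0VZ
-----END PRIVATE KEY-----
EOF
}

sample=$(mktemp) && write_sample "$sample"
extract_certs "$sample" > "$sample.clean"     # cleaned chain, certificates only
echo "kept $(count_certs "$sample") certificate block(s) in $sample.clean"
```

Compare the count against the number of certificates you expect in the chain before importing; a lower number means a block was malformed in the export.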

Once you have the certificates prepared, you can start the deployments. I used the identity appliance rather than vCenter SSO because the identity appliance follows the same upgrade schedule as all the other vRA components, and in the past I have hit a few problems due to people using vCenter SSO. There are positives and negatives of using SSO, so make sure you look at both options and select the correct one for your deployment. The official documentation is good, but I also used Emad’s and Grant’s blogs for the deployment of the identity appliance.

The next portion is the configuration of the external vPostgres database. For this I used the vRA appliance and disabled the services that were not required, following the official documentation. If you don’t know how to deploy the vRA appliances then go to the next step, follow that, then come back to this step (although I do worry if you don’t know how to deploy an appliance).

Next are the IaaS components. This is SO MUCH easier than the vCAC 4.1 days now that there is the pre-req script. The script can be found here. Before installing the IaaS components, ensure you have ntrights.exe downloaded, a Windows ISO attached to the virtual machine (2012 requires this but 2008 never did) and Java 7u75 downloaded in an easily searchable folder (the Java version is correct as of this posting). I was going to break these steps down into a few blog postings, but fellow vBrownbag member Jonathan Frappier has done such a cracking job that I recommend you follow his:

Now that the components are installed, it is time to grant permissions, create the required tenant/s for your cloud workloads apart from the default tenant and create all the business groups. Again Jonathan has broken this down brilliantly and this is what I re-read prior to my deployments.

Now on to the application services, adding and preparing vSphere templates and creating entitlements so that services can be requested. Again Jonathan has covered it perfectly (as does the official documentation that you should be following alongside these).

Now for the vRO deployment, as well as including NSX in vRA and installing the NSX plug-in on the vRO server. For vRO I used the Windows method rather than the appliance route because we were unable to do multi-hop WinRM using the PowerShell plugin when we need to run PowerShell scripts locally on multiple servers rather than locally on the vRO server. For this I used Sid Smith’s articles as well as the standard VMware documentation:

I received a “Failed to retrieve form from provider” error when requesting a catalog item in vRA (this is using multi-machine rather than application services). This error is one I still have a ticket open with engineering for. What is happening is that when we do a quiesced backup of the vRO database, this at times causes one of the vRO nodes to stop due to a timeout in connectivity to the database. Currently the only fix is to start the stopped node. I will update this if/when VMware engineering give a realistic solution.

If you are unsure about any of the portions mentioned or want to know more, you can ask VMware Professional Services for whom I did this design and deployment or Xtravirt who are a VMware partner, to come in and help you with the design/configuration of your environment.

A quick posting around a problem I was experiencing at my current customer where if we went into entitlements, chose a service and tried to add an entitled action, the list was missing a number of actions and seemed as if it had only installed actions up to D.

To fix the problem, all that needed to be done was to open a command prompt as an administrator on the machine your Model Manager Data service is installed on (for mine this was the IaaS Web servers) and run the following commands:

cd C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Data\Cafe

Vcac-Config.exe registercatalogtypes -v

The command will run and once completed successfully will say “Command succeeded”

Seeing as my vCAC 6.0 Resources page gained quite a fair amount of traffic and after several requests from people for me to update that list to include 6.1 resources I thought I would create a new posting to cover the new naming and for future releases.

Today at VMworld Europe, VMware are going to announce vRealize Automation 6.2 which is the renamed vCloud Automation Center solution but obviously the next version which is due to be available in Q4 this year. It does seem like there is a new version every six months of the solution as vCAC 6.1 was only GA 6 weeks ago which added a whole host of new features.

Below is an overview of what is being added in the vRealize Automation 6.2 product. Fortunately there isn’t a change to the architecture, so for those who have recently deployed vCAC 6.1 to a customer, like I have, you don’t have to stress about doing the upgrade like it was between previous versions.

Not long after VMworld Europe vCAC 6.1 was released. For the past year I have been very fortunate to have been on some very large vCAC projects as an extension of VMware PSO and have seen the product change dramatically. There have certainly been some challenges, but I’m super excited about vCAC 6.1, and from the experience I have gained of it so far it is looking very solid and can now work seamlessly with vCO, along with a number of other great new features. So below is an overview of what is new in vCAC 6.1.

vCAC Extension

Interested in Developing a VCO Plugin? Free Access to the vCO Plug-in SDK

Knowledge

Identify availability options for management components.

Availability can be achieved within the vCloud architecture in a number of different ways and via differing methods. I’m going to break them up into different categories and I’m not going to cover each one, but if you understand the different methods I think that when you are reading the vCAT or any other kind of design book you’ll be able to identify them with ease.

Redundancy: This is simply creating multiple instances of an important service to ensure that if one or more fail the solution isn’t impacted. There are multiple examples of this, but the simplest and, in my opinion, one of the most important is the creation and usage of multiple vCloud cells to ensure load balancing but, more importantly, redundancy in the event of the loss of a vCloud cell. You can also cover this further down the stack with Heartbeat in the vSphere layer (even though this has now been made end of life), multiple network cards in the physical networking, and multiple redundant switches through to multiple redundant storage processors.

Disaster Recovery/Failover: This is covered in a whole section in the vCAT, which goes over methods of utilising products like SRM to configure disaster recovery of the management layer. For the conceptual design this is more about knowing what is and isn’t possible, but also about taking the availability requirements of the customer from a business impact analysis, where the amount of money a customer is willing to lose due to downtime is determined, and then equating this to a number of nines. The table below gives an example of the number of nines compared to the amount of downtime; the larger the number of nines, the more expensive the solutions, which you will need to advise your customer about (99.9 can be met by HA, for example, but 99.99 will require Heartbeat and synchronous replication with QoS). For the conceptual design you don’t cover specific products, but knowing that you will need a DR site with fast links between the sites, for example, will cover this.

Differentiate between management components and resource components.

This is simply determining what should be part of your management cluster and what should be part of your resource cluster. I think this is really straightforward, as anything in your management cluster is used to provide services to you, the vCloud administrator, and the resource cluster/s are for your customers to provision to and are the pools of resources you configure as your provider virtual datacentres. The image below is a great example of a conceptual diagram of the management and resource clusters.

Skills and Abilities

Explain compatibility of various vSphere high availability features with a vCloud design.

This is covered perfectly in appendix A of the vCAT Architecting a VMware vCloud PDF, so I don’t see the need to explain it here and I think it is better if you go through that instead. The link to the online documentation centre is here.

Given customer requirements and constraints, determine appropriate customer Service Level Agreements (SLAs) for the conceptual design.

This is covered in more depth within objective 1.6 so we will cover this in that section.

Determine how given SLAs impact availability design decisions.

This is covered in more depth within objective 1.6 so we will cover this in that section.

Given customer requirements and constraints, determine how to achieve desired availability.

From the design workshops and requirements collecting you will have worked out what the customer’s requirements and constraints are, and you will then have to work with these to try to meet them all. Here it is their availability requirements that matter, which will be, as I mentioned above, their permitted amount of downtime per year along with their RPOs, RTOs, MTDs and WRTs. From this you will have to work within their constraints to design a solution that meets their requirements. For example, if they have an RPO of 5 minutes for critical systems within the management cluster in the event of a site failure, this cannot be achieved via SRM with vSphere replication. For the conceptual design my example isn’t applicable, but knowing this kind of limitation means you know conceptually what needs to be created (multiple sites with fast links that have near zero latency for multiple data service providers, and storage that can achieve this).

Given customer requirements and VMware technologies, determine availability impact to the conceptual design.

I feel this is largely what I have mentioned above, but now you are including the limitations/capabilities of VMware technologies in your thinking, which I actually did above. You will need to know what is and isn’t possible with HA, for example, and how it can only provide a certain level of availability and is limited by the number of restarts it can achieve at once, whilst possibly also being limited by priority groups.

If you feel I have covered something incorrectly please let me know, as I’m learning like everyone else and I certainly don’t claim to be perfect (near it but not perfect). Also the vBrownbag covered the whole of objective 1 here.

A colleague of mine at Xtravirt, Richard Renardson was experiencing an ambiguous “System Exception” error on the requests page in the vCAC 6.0.1 portal at a very high profile customer. Upon checking the server side log it was showing an error stating that “cat_request” does not exist. We tried a few things and looked through quite a few VMware KB articles but were unable to find anything that matched our problem.

After some troubleshooting we were able to determine what the problem was and find a fix, so he graciously allowed me to blog it to hopefully save someone else the time, especially with vCAC becoming so popular recently. The problem seems to happen when an external database has been configured and the hstore extension is missing/has not been created; this extension is required by vCAC for the creation of tables. What we had to do in the end was create the hstore extension in the vCAC database. The steps we followed to create the hstore extension were:

Log in to the external DB using the pgAdmin tool.

Within the pgAdmin console we had to run this SQL statement to connect to the vCAC DB:

\connect "YOURDBNAME";

Within the pgAdmin tool we needed to create the hstore extension by running the following statement: